Incidents - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
8
Creation date
2023-11-02
Last date published
2024-02-21
Category
Administrator Guide
Abstract

Manage and investigate incidents in Cortex XSOAR.

Incidents are potential security data threats that SOC administrators identify and remediate. There are several incident triggers, including:

  • SIEM alerts

  • Mail alerts

  • Security alerts from third-party services, such as SIEM, mail boxes, data in CSV format, etc.

Cortex XSOAR includes several out-of-the-box incident types, and users can add custom incident types with custom fields, as necessary.